22 October 2018

DoD Cyber Strategy of the U.S. of America

I’ve
been reading the Department
of Defense (DoD) Cyber Strategyof the United States of
America this week. This new strategy seems more offensive
than the last one because the Trump administration “will employ
offensive cyber capabilities
and innovative
concepts” as well as
they “must ensure the
U.S. military’s ability to fight and win wars in any domain,
including cyberspace”.
However, the devil is in the details, of course. And the strategy
includes no much details.

The
first line of effort is to build a more lethal Joint Force
which means accelerating
cyber capabilities development
and innovating
to foster agility.
In addition, the Department will use automation
and data analysis tools to improve effectiveness
with the aim of operating at
machine speed and analysing large-scale of data to identify quickly
malicious cyber activities. It’s
interesting as well how they are also willing to employ
commercial-off-the-shelf (COTS) cyber capabilities
to optimized cyber operations.

The
second line of effort is to compete and deter in cyberspace
which means deterring
malicious cyber activities
and persistently fighting
malicious cyber activity in day-to-day competition.
The Department will also
increase the resilience
of U.S. critical infrastructure
working with other agencies and the private sector and sharing
information with them. It’s
important to highlight most critical infrastructure is managed by the
private sector thus sharing information is mandatory for protecting
the country.

The
third line of effort is to strengthen alliances and attract
new partnershipsfor
building trusted private
sector partnerships and
making international
partnerships with the
goal of getting advanced cyber capabilities. In
addition, the Department wants to reinforce
norms of responsible State behaviour in cyberspaceto improve behaviour in
cyberspace such as including prohibitions against damaging civilian
critical infrastructure during peacetime.

Another line of effort is to reform the Department for
incorporating cyber awareness into DoD institutional culture
because leaders and their staffs should know about security risks as
well as they should be able to identify opportunities to gain
advantages. The Department will also increase cybersecurity
accountability into the private sector and personnel so that each
person is accountable for their cybersecurity practices and choices.
This line of effort also seeks material solutions that are
affordable, flexible, and robust which will be got from COTS.
What’s more, the Department wants to expand crowd-sourced
vulnerability identification with hack-a-thons and bug-bounties
to identify and mitigate vulnerabilities.

Finally, the last line of effort is for cultivating talent.
The aim of this line is to enhance the Nation’s cyber talent
and sustain a ready cyber workforce. This is going to be done
with education, training and awareness as well as with the use of the
Reserve Components. Moreover, software and hardware expertise will
be in the core of DoD competencies as well as establishing a
cyber top talent management program will be one of the main
objectives of the DoD.

This is a summary of the Department of Defense Cyber Security. Five
lines of effort to compete, deter, and win in the cyberspace domain.